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IN THE UNITED STATES PATENT AND TRADEMARK OFFICE 

Appellants: Kenneth Charles Boy dstun, et al. § 

§ Group Art Unit: 3685 
Serial No.: 10/075,336 § 

§ Examiner: Sherr, Cristina O. 
Filed: February 13, 2002 § 

§ Confirmation No.: 8714 
For: Method and Software for Migrating § 
Protected Authentication Data § 

REASONS FOR REQUESTING PRE-APPEAL REVIEW 

In the Final Office Action dated March 31, 2010 ("Final Office Action"), claim 22 was 
rejected under 35 USC § 103(a) as being unpatentable over Sampson et al, U.S. Pat. No. 
6,429,624 ("Sampson") in view of Blakley, III et al., U.S. Pat. No. 5,832,211 ("Blakley"). 
Appellants respectfully submit that the Final Office Action had a clear error because the applied 
art, alone or in combination, does not disclose all of the limitations recited in claim 22. Claims 
23-35 depend from claim 22. Therefore, the arguments presented below in support of 
patentability for claim 22 apply to and are repeated for claims 23-35 as well. Also, Appellants 
submit that Mehring, et al. U.S. Pat. No. 6,609,115 does not cure the deficiencies of Sampson 
and Blakley noted below. Thus, for the reasons specified below, Appellants respectfully request 
allowance of claims 22-35. 

L Sampson in view of Blakley does not teach or suggest capturing the password provided 

to the source user authenticator, monitoring the source user authenticator for an approval 

response and populating the target datastore with the captured password upon receipt of an 

approval response. 

Claim 22 of the pending application recites in part: 

using the source user authenticator to prompt for and receive the 
identification and a password from the user, the target user authenticator: 
monitors the source user authenticator for an approval response, and upon an 
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approval response from the source user authenticator, captures the password 
provided to the source user authenticator by the user in response to prompting by 
the source authenticator, populates the target datastore with the captured 
password, and associates the captured password with the corresponding 
identification. 

Thus, migrating password data from a source (or first) datastore to a target (or second) datastore 
according to the method of claim 22 may be accomplished without decrypting the password data 
stored in the source datastore and copying the decrypted password data to the target datastore. 
Rather, the interceptor captures the password provided by the user to the source user 
authenticator in response to prompting by the source user authenticator and waits to see whether 
the source user authenticator approves the user. If the source user authenticator approves the 
user's password, then the target user authenticator can populate its own datastore with the 
captured password knowing that the captured password is authentic. In some cases, the 
password data may be stored in the source datastore as, for example, a hash or other format that 
is not subject to being decrypted. However, such a method of storage is no impediment for 
migrating password data from the source datastore to the target datastore according to the 
method of claim 16 since no decryption is necessary. The only requirement is that the source 
user authenticator is still functioning such that it is able to verify that the entered password is 
authentic. 

The Final Office Action acknowledges that Sampson does not teach these elements of 
claim 16 recited above, but alleges that Blakley does disclose these elements. See, Final Office 
Action, pp. 4-5. Appellants respectfully disagree. In contrast to claim 22, Blakley requires that 
passwords stored in a first datastore be decrypted and then passed as plain text passwords to the 
second datastore. See, for example, Blakley, column 8, which states that "if the value is 
identified, the password synchronization server retrieves client W's password from the password 
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repository and decrypts it. Next, in block 450, the password synchronization server returns 
client W's password to foreign registry Z." This is a completely different method for 
transferring password data from one repository to another and is inapplicable to systems in 
which the password is stored as, for example, a hash, which is an item typically not capable of 
being decrypted. 

II. Neither Sampson nor Blakley teach or suggest migrating password data from a source 
datastore to a target datastore. 

Claim 22 of the pending application recites "migrating the source datastore to the target 
datastore, wherein the source datastore comprises user identification data and user authentication 
data, wherein the source datastore is associated with a source user authenticator, wherein the 
target datastore is associated with a target user authenticator, and wherein the target user 
authenticator is in communication with the source user authenticator." The Final Office Action 
alleges that Sampson discloses this feature citing various passages in columns 6, 7, and 17. See, 
Final Office Action, p. 4. Appellants respectfully disagree with this assertion. Sampson relates 
to a system that controls access to information resources. (See, Sampson, Abstract). Sampson 
discloses a session manager that determines whether the client is involved in an authenticated 
session with any access server in the system. If so, the client is permitted to access the resources 
without logging in to the specific access server that is associated with the protected server. 
Thus, Sampson merely teaches a single sign-on system such that a user only has to authenticate 
themselves once rather than multiple times even though the system may include multiple 
protected resources requiring authentication. Sampson does not disclose migrating identification 
and authentication (e.g., password) data from a source datastore to a target datastore. In fact, 
Sampson is completely unconcerned with migrating data of any type at all. Sampson is simply 
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concerned with providing a single sign-on for a user so that the user does not have to log in 
multiple times in order to access various protected resources in the system. Such a system is 
unrelated to migrating authentication data from one datastore to another without requiring a user 
to re-enroll. 

Blakley does not cure this deficiency in Sampson. Blakley provides password 
synchronization between a main data store and a plurality of secondary data stores. (See, for 
example, Blakley, Abstract). This enables the user to maintain a single, unique password among 
the plurality of secondary datastores. Thus, Blakley uses a password synchronization server to 
store user names and plain-text passwords securely and to respond to requests from secondary 
datastores for their retrieval. The passwords are sent to the secondary datastores using 
encryption that is decipherable by the secondary datastores. However, notably absent from 
Blakley is any teaching or suggestion of migrating data from a source datastore to a target 
datastore. Note that data migration is not equivalent to data replication. Also, Blakley does not 
address the problem of migrating from one vendor's proprietary encryption scheme to another 
vendor's product without having every user re-enter their security information and without 
decrypting the data stored in the first vendor's product. 

For at least the reasons established in sections I and II, Appellants respectfully submit 
that the Final Office Action contains clear errors and submit that independent claim 22 is not 
taught or suggested by Sampson in view of Blakley and respectfully request allowance of this 
claim. 
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Conclusion 

Appellants respectfully submit that the Final Office Action had clear errors because all of 
the limitations of the claims clearly were not met by the applied art for the reasons stated above. 
Accordingly, Appellants respectfully request prosecution to be reopened and Appellants 
respectfully submit that the present application is in condition for allowance. 

The Commissioner is hereby authorized to charge payment of any further fees associated 
with any of the foregoing papers submitted herewith, or to credit any overpayment thereof, to 
Deposit Account No. 21-0765, Sprint. 

Respectfully submitted, 



Date: June 21. 2010 /Michael W. Piper/ 

Michael W. Piper 
Reg. No. 39,800 

ConleyRose,P.C. 

5601 Granite Parkway, Suite 750 ATTORNEY FOR APPELLANTS 

Piano, Texas 75024 

(972) 731-2288 

(972) 731-2289 (facsimile) 
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